Author: Ashutosh Lande
Date of Publication: 7th April 2016
Abstract: In online social networking (OSN), hackers have unfortunately realized the potential of using apps to spread malware and spam that harm Facebook users. The problem is already significant: we find that at least 13% of the apps in our dataset are malicious. So far, the research community has focused on detecting malicious posts and campaigns. In this project, we ask the Facebook user: given a Facebook application, can you determine whether it is malicious? Of course, the user cannot. Our key contribution is therefore the development of “FRAppE—Facebook’s Rigorous Application Evaluator”, arguably the first tool focused on detecting malicious apps on Facebook. To develop FRAppE, we use information gathered by observing the posting behavior of 111K Facebook apps seen across 2.2 million users on Facebook. First, we identify a set of features that help us distinguish malicious apps from benign apps. For example, we find that malicious apps often share names with other apps, and that they typically request fewer permissions than benign apps. Second, leveraging these distinguishing features, we show that FRAppE can detect malicious apps with 99.5% accuracy, with no false positives and a low false negative rate (4.1%). Finally, we explore the ecosystem of malicious Facebook apps and identify the mechanisms these apps use to propagate. Interestingly, we find that many apps collude and support each other; in our dataset, 1,584 apps enable the viral propagation of 3,723 other apps through their posts. In the long term, we see FRAppE as a step towards creating an independent watchdog for app assessment and ranking that warns Facebook users before they install apps.
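The following Python is an added illustration, not code from the paper or from FRAppE: it computes the two distinguishing features the abstract names (name sharing and number of requested permissions) and the promoter/promotee relation behind the collusion finding. The record layouts, the name normalization, and all sample apps and posts are constructed assumptions.

```python
from collections import Counter, defaultdict

# Constructed sample data: (app_id, display name, permissions requested).
APPS = [
    ("a1", "Profile Viewer", ["publish_stream"]),
    ("a2", "Profile Viewer", ["publish_stream"]),
    ("a3", "Photo Quiz", ["email", "user_birthday", "user_photos", "publish_stream"]),
    ("a4", "profile  viewer ", ["publish_stream"]),
]
# Constructed posts: (posting app_id, app_id the post's link leads to, or None).
POSTS = [("a1", "a2"), ("a1", "a4"), ("a2", "a4"), ("a3", None), ("a1", "a2")]


def normalize(name):
    """Assumed normalization: case-fold and collapse whitespace before comparing names."""
    return " ".join(name.lower().split())


def app_features(apps):
    """Per-app features: does another app share its name, and how many permissions it asks for."""
    name_counts = Counter(normalize(name) for _, name, _ in apps)
    return {
        app_id: {
            "shares_name": name_counts[normalize(name)] > 1,
            "permission_count": len(set(perms)),
        }
        for app_id, name, perms in apps
    }


def promotion_graph(posts):
    """Map each app to the other apps its posts lead to, plus promoter and promotee sets."""
    promotes = defaultdict(set)
    for src, dst in posts:
        if dst is not None and dst != src:  # ignore posts that do not point at another app
            promotes[src].add(dst)
    promoters = set(promotes)
    promotees = set().union(*promotes.values()) if promotes else set()
    return dict(promotes), promoters, promotees


if __name__ == "__main__":
    for app_id, feats in app_features(APPS).items():
        print(app_id, feats)
    print(promotion_graph(POSTS))
```

These values are inputs to a classifier, not a verdict on their own; the abstract reports accuracy only for the full feature set.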